University of Liverpool researchers have demonstrated how unsecure Wi-Fi networks can be used to spread computer viruses throughout densely populated areas.
The team claim the virus, dubbed Chameleon, can spread between homes and businesses without detection by identifying areas where Wi-Fi access is poorly encrypted and password protected.
They have likened the spread of the virus to the way airborne diseases pass through populations, having simulated an attack on Belfast and London in a laboratory setting to ascertain its behaviour.
The virus is reported to have travelled across Wi-Fi networks via access points (APs) that connect households and businesses to the internet.
“Areas that are densely populated have more APs in close proximity to each other, which meant the virus propagated more quickly, particularly across networks connectable within a 10-to-50 metre radius,” the research team said in a statement.
Alan Marshall, professor of network security at the University of Liverpool, said Chameleon was able to collect the credentials of any of the Wi-Fi users who connected to the APs it infected.
“Chameleon was able to avoid detection as current virus detection systems look for viruses that are present on the internet or computers, but Chameleon is only ever present in the Wi-Fi network,” Marshall explained.
“Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access Wi-Fi points common in locations such as coffee shops and airports.”
Marshall also warned that poorly protected Wi-Fi connections are an increasingly attractive target for computer hackers, which makes them harder to defend.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack Wi-Fi networks but we demonstrated this is possible and that it can spread quickly,” he added.
“We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”